diff --git a/CHANGELOG b/CHANGELOG index f1a0f6a0e..54d6e8148 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -73,6 +73,9 @@ o [Windows] Add support for the new loopback behavior in Npcap 0.9983. This Adapter to be installed, which was a source of problems for some users. [Daniel Miller] +o [NSE] MS SQL library has improved version resolution, from service pack level + to individual cumulative updates [nnposter] + o [NSE][GH#2077] With increased verbosity, script http-default-accounts now reports matched target fingerprints even if no default credentials were found [nnposter] diff --git a/nselib/mssql.lua b/nselib/mssql.lua index 6437f348f..f8e22b0df 100644 --- a/nselib/mssql.lua +++ b/nselib/mssql.lua 
@@ -340,17 +340,21 @@ SqlServerVersionInfo = end, - --- Returns a lookup table that maps revision numbers to service pack levels for - -- the applicable SQL Server version (e.g. { {1600, "RTM"}, {2531, "SP1"} }). + --- Returns a lookup table that maps revision numbers to service pack and + -- cumulative update levels for the applicable SQL Server version, + -- e.g., {{1913, "RC1"}, {2100, "RTM"}, {2316, "RTMCU1"}, ..., + -- {3000, "SP1"}, {3321, "SP1CU1"}, ..., {3368, "SP1CU4"}, ...} _GetSpLookupTable = function(self) -- Service pack lookup tables: - -- For instances where a revised service pack was released (e.g. 2000 SP3a), we will include the - -- build number for the original SP and the build number for the revision. However, leaving it - -- like this would make it appear that subsequent builds were a patched version of the revision - -- (e.g. a patch applied to 2000 SP3 that increased the build number to 780 would get displayed - -- as "SP3a+", when it was actually SP3+). To avoid this, we will include an additional fake build - -- number that combines the two. + -- For instances where a revised service pack was released, e.g. 2000 SP3a, + -- we will include the build number for the original SP and the build number + -- for the revision. However, leaving it like this would make it appear that + -- subsequent builds were a patched version of the revision, e.g., a patch + -- applied to 2000 SP3 that increased the build number to 780 would get + -- displayed as "SP3a+", when it was actually SP3+. To avoid this, we will + -- include an additional fake build number that combines the two. + -- Source: https://sqlserverbuilds.blogspot.com/ local SP_LOOKUP_TABLE = { ["6.5"] = { {201, "RTM"}, 
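Review bot: The added `-- Source: https://sqlserverbuilds.blogspot.com/` line names an unofficial third-party listing as the only provenance for the tables and records no retrieval date. A reader therefore cannot tell which builds postdate the snapshot or how an entry was verified. Since these labels are read as patch levels, I would extend the comment to something like `-- Source: https://sqlserverbuilds.blogspot.com/ (unofficial list; retrieved <DATE>)`. The context line `-- Service pack lookup tables:` could also be reworded, because the doc comment above it now says the tables cover cumulative updates too. `_GetSpLookupTable` and `SP_LOOKUP_TABLE` both continue past the end of this hunk.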
@@ -406,33 +410,235 @@ SqlServerVersionInfo = }, ["2012"] = { + {1103, "CTP1"}, + {1440, "CTP3"}, + {1750, "RC0"}, + {1913, "RC1"}, {2100, "RTM"}, + {2316, "RTMCU1"}, + {2325, "RTMCU2"}, + {2332, "RTMCU3"}, + {2383, "RTMCU4"}, + {2395, "RTMCU5"}, + {2401, "RTMCU6"}, + {2405, "RTMCU7"}, + {2410, "RTMCU8"}, + {2419, "RTMCU9"}, + {2420, "RTMCU10"}, + {2424, "RTMCU11"}, {3000, "SP1"}, + {3321, "SP1CU1"}, + {3339, "SP1CU2"}, + {3349, "SP1CU3"}, + {3368, "SP1CU4"}, + {3373, "SP1CU5"}, + {3381, "SP1CU6"}, + {3393, "SP1CU7"}, + {3401, "SP1CU8"}, + {3412, "SP1CU9"}, + {3431, "SP1CU10"}, + {3449, "SP1CU11"}, + {3470, "SP1CU12"}, + {3482, "SP1CU13"}, + {3486, "SP1CU14"}, + {3487, "SP1CU15"}, + {3492, "SP1CU16"}, {5058, "SP2"}, + {5532, "SP2CU1"}, + {5548, "SP2CU2"}, + {5556, "SP2CU3"}, + {5569, "SP2CU4"}, + {5582, "SP2CU5"}, + {5592, "SP2CU6"}, + {5623, "SP2CU7"}, + {5634, "SP2CU8"}, + {5641, "SP2CU9"}, + {5644, "SP2CU10"}, + {5646, "SP2CU11"}, + {5649, "SP2CU12"}, + {5655, "SP2CU13"}, + {5657, "SP2CU14"}, + {5676, "SP2CU15"}, + {5678, "SP2CU16"}, {6020, "SP3"}, + {6518, "SP3CU1"}, + {6523, "SP3CU2"}, + {6537, "SP3CU3"}, + {6540, "SP3CU4"}, + {6544, "SP3CU5"}, + {6567, "SP3CU6"}, + {6579, "SP3CU7"}, + {6594, "SP3CU8"}, + {6598, "SP3CU9"}, + {6607, "SP3CU10"}, {7001, "SP4"}, }, ["2014"] = { + {1524, "CTP2"}, {2000, "RTM"}, + {2342, "RTMCU1"}, + {2370, "RTMCU2"}, + {2402, "RTMCU3"}, + {2430, "RTMCU4"}, + {2456, "RTMCU5"}, + {2480, "RTMCU6"}, + {2495, "RTMCU7"}, + {2546, "RTMCU8"}, + {2553, "RTMCU9"}, + {2556, "RTMCU10"}, + {2560, "RTMCU11"}, + {2564, "RTMCU12"}, + {2568, "RTMCU13"}, + {2569, "RTMCU14"}, {4100, "SP1"}, + {4416, "SP1CU1"}, + {4422, "SP1CU2"}, + {4427, "SP1CU3"}, + {4436, "SP1CU4"}, + {4439, "SP1CU5"}, + {4449, "SP1CU6"}, + {4459, "SP1CU7"}, + {4468, "SP1CU8"}, + {4474, "SP1CU9"}, + {4491, "SP1CU10"}, + {4502, "SP1CU11"}, + {4511, "SP1CU12"}, + {4522, "SP1CU13"}, {5000, "SP2"}, + {5511, "SP2CU1"}, + {5522, "SP2CU2"}, + {5538, "SP2CU3"}, + {5540, "SP2CU4"}, + 
{5546, "SP2CU5"}, + {5553, "SP2CU6"}, + {5556, "SP2CU7"}, + {5557, "SP2CU8"}, + {5563, "SP2CU9"}, + {5571, "SP2CU10"}, + {5579, "SP2CU11"}, + {5589, "SP2CU12"}, + {5590, "SP2CU13"}, + {5600, "SP2CU14"}, + {5605, "SP2CU15"}, + {5626, "SP2CU16"}, + {5632, "SP2CU17"}, + {5687, "SP2CU18"}, {6024, "SP3"}, + {6205, "SP3CU1"}, + {6214, "SP3CU2"}, + {6259, "SP3CU3"}, + {6329, "SP3CU4"}, }, ["2016"] = { + { 200, "CTP2"}, + { 300, "CTP2.1"}, + { 407, "CTP2.2"}, + { 500, "CTP2.3"}, + { 600, "CTP2.4"}, + { 700, "CTP3.0"}, + { 800, "CTP3.1"}, + { 900, "CTP3.2"}, + {1000, "CTP3.3"}, + {1100, "RC0"}, + {1200, "RC1"}, + {1300, "RC2"}, + {1400, "RC3"}, {1601, "RTM"}, + {2149, "RTMCU1"}, + {2164, "RTMCU2"}, + {2186, "RTMCU3"}, + {2193, "RTMCU4"}, + {2197, "RTMCU5"}, + {2204, "RTMCU6"}, + {2210, "RTMCU7"}, + {2213, "RTMCU8"}, + {2216, "RTMCU9"}, {4001, "SP1"}, + {4411, "SP1CU1"}, + {4422, "SP1CU2"}, + {4435, "SP1CU3"}, + {4446, "SP1CU4"}, + {4451, "SP1CU5"}, + {4457, "SP1CU6"}, + {4466, "SP1CU7"}, + {4474, "SP1CU8"}, + {4502, "SP1CU9"}, + {4514, "SP1CU10"}, + {4528, "SP1CU11"}, + {4541, "SP1CU12"}, + {4550, "SP1CU13"}, + {4560, "SP1CU14"}, + {4574, "SP1CU15"}, {5026, "SP2"}, + {5149, "SP2CU1"}, + {5153, "SP2CU2"}, + {5216, "SP2CU3"}, + {5233, "SP2CU4"}, + {5264, "SP2CU5"}, + {5292, "SP2CU6"}, + {5337, "SP2CU7"}, + {5426, "SP2CU8"}, + {5479, "SP2CU9"}, + {5492, "SP2CU10"}, + {5598, "SP2CU11"}, + {5698, "SP2CU12"}, + {5820, "SP2CU13"}, }, ["2017"] = { + { 1, "CTP1"}, + { 100, "CTP1.1"}, + { 200, "CTP1.2"}, + { 304, "CTP1.3"}, + { 405, "CTP1.4"}, + { 500, "CTP2.0"}, + { 600, "CTP2.1"}, + { 800, "RC1"}, + { 900, "RC2"}, {1000, "RTM"}, + {3006, "CU1"}, + {3008, "CU2"}, + {3015, "CU3"}, + {3022, "CU4"}, + {3023, "CU5"}, + {3025, "CU6"}, + {3026, "CU7"}, + {3029, "CU8"}, + {3030, "CU9"}, + {3037, "CU10"}, + {3038, "CU11"}, + {3045, "CU12"}, + {3048, "CU13"}, + {3076, "CU14"}, + {3162, "CU15"}, + {3223, "CU16"}, + {3238, "CU17"}, {3257, "CU18"}, + {3281, "CU19"}, + {3294, "CU20"}, + {3335, 
"CU21"}, }, ["2019"] = { + {1000, "CTP2.0"}, + {1100, "CTP2.1"}, + {1200, "CTP2.2"}, + {1300, "CTP2.3"}, + {1400, "CTP2.4"}, + {1500, "CTP2.5"}, + {1600, "CTP3.0"}, + {1700, "CTP3.1"}, + {1800, "CTP3.2"}, + {1900, "RC1"}, {2000, "RTM"}, + {2070, "GDR1"}, + {4003, "CU1"}, + {4013, "CU2"}, + {4023, "CU3"}, + {4033, "CU4"}, + {4043, "CU5"}, }, }
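Review bot: The `["2019"]` table adds `{2070, "GDR1"}`, but none of the 2012–2017 tables carry a GDR entry, so the tables are inconsistent about the security-only servicing branch. Going by the "SP3a+" explanation in the `_GetSpLookupTable` comment, an unlisted build is presumably shown as the preceding entry with a "+". That would mean GDR-patched hosts on the older versions show only as e.g. "SP3+", while later 2019 GDR builds show as "GDR1+", which does not say which security fixes are installed. I would document the limitation next to the table, for example `-- GDR (security-only) builds are listed for 2019 only; other GDR builds resolve to the preceding entry plus "+"`, and advise comparing the raw build number when auditing patch state. The code that consumes `SP_LOOKUP_TABLE` is outside this hunk, so the exact display behaviour should be confirmed there.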